Cyber-attacks pose a significant concern to both government and corporate entities worldwide. Attackers can often circumvent conventional attack detection processes through slight modifications to how a cyber-attack is performed and/or through subtle changes to the attacking code itself, since a detector keyed to an exact artifact no longer recognizes the altered one.
Advanced cyber threats, such as advanced persistent threats (APTs), proceed in multiple phases. Rule-based and signature-based detection processes have been used in efforts to curb the proliferation of such multi-phase attacks. In the case of signature-based processes, generating a valid signature may take time, and its efficacy may be limited. Additionally, signatures are typically applied to individual files or processes on a system endpoint (or potentially at a network perimeter), without taking into consideration the system as a whole or applying analytics across the memory of many systems. In some cases, the result is a cyber-defensive posture that is easily bypassed and that is not prepared to defend against previously unseen attacks or to predict the next phases of an attack in progress.